]> git.ipfire.org Git - thirdparty/linux.git/commitdiff
projects / thirdparty / linux.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: f1f74df)
wifi: rtw89: coex: add annotation __counted_by() for struct rtw89_btc_btf_set_slot_table
authorPing-Ke Shih <pkshih@realtek.com>
Wed, 11 Oct 2023 06:37:24 +0000 (14:37 +0800)
committerKalle Valo <kvalo@kernel.org>
Thu, 12 Oct 2023 12:16:35 +0000 (15:16 +0300)
Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time via CONFIG_UBSAN_BOUNDS (for
array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).

Use struct_size() and flex_array_size() helpers to calculate proper sizes
for allocation and memcpy().

Don't change logic at all, and result is identical as before.

Cc: Kees Cook <keescook@chromium.org>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20231011063725.25276-1-pkshih@realtek.com
drivers/net/wireless/realtek/rtw89/coex.c patch | blob | blame | history

diff --git a/drivers/net/wireless/realtek/rtw89/coex.c b/drivers/net/wireless/realtek/rtw89/coex.c
index 4ba8b3df70aeb09a3707428d7acc61ece495c971..9f9da122f3f89f040a8a75b625166a50650598fd 100644 (file)
--- a/drivers/net/wireless/realtek/rtw89/coex.c
+++ b/drivers/net/wireless/realtek/rtw89/coex.c
@@ -237,7 +237,7 @@ struct rtw89_btc_btf_set_report {
 struct rtw89_btc_btf_set_slot_table {
        u8 fver;
        u8 tbl_num;
-       u8 buf[];
+       struct rtw89_btc_fbtc_slot tbls[] __counted_by(tbl_num);
 } __packed;
 
 struct rtw89_btc_btf_set_mon_reg {
@@ -1821,19 +1821,17 @@ static void rtw89_btc_fw_en_rpt(struct rtw89_dev *rtwdev,
 static void rtw89_btc_fw_set_slots(struct rtw89_dev *rtwdev, u8 num,
                                   struct rtw89_btc_fbtc_slot *s)
 {
-       struct rtw89_btc_btf_set_slot_table *tbl = NULL;
-       u8 *ptr = NULL;
-       u16 n = 0;
+       struct rtw89_btc_btf_set_slot_table *tbl;
+       u16 n;
 
-       n = sizeof(*s) * num + sizeof(*tbl);
+       n = struct_size(tbl, tbls, num);
        tbl = kmalloc(n, GFP_KERNEL);
        if (!tbl)
                return;
 
        tbl->fver = BTF_SET_SLOT_TABLE_VER;
        tbl->tbl_num = num;
-       ptr = &tbl->buf[0];
-       memcpy(ptr, s, num * sizeof(*s));
+       memcpy(tbl->tbls, s, flex_array_size(tbl, tbls, num));
 
        _send_fw_cmd(rtwdev, BTFC_SET, SET_SLOT_TABLE, tbl, n);
 
A mirror of Linus' kernel repository